# {{ ansible_managed }}
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name {{ site_name }};

  ssl_certificate {{ nginx_certificate_path }}/{{ site_name }}/fullchain.pem;
  ssl_certificate_key {{ nginx_certificate_path }}/{{ site_name }}/privkey.pem;

{% if auth %}
  auth_basic "SCE";
  auth_basic_user_file /etc/nginx/passwdfile;
{% endif %}

  location / {
    proxy_pass http://127.0.0.1:{{ site_port }};

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}